ci-multinode: Update configuration for external TLS using Vault CA

stackhpc · Apr 15, 2024 · 88f83b9 · 88f83b9
1 parent 22eded5
commit 88f83b9
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/.automation.conf/tempest/tempest-ci-multinode.overrides.conf b/.automation.conf/tempest/tempest-ci-multinode.overrides.conf
@@ -32,4 +32,4 @@ max_microversion = 3.70
 build_timeout = 600
 
 [dashboard]
-dashboard_url = http://192.168.39.2
+dashboard_url = https://192.168.39.2
diff --git a/etc/kayobe/environments/ci-multinode/kolla.yml b/etc/kayobe/environments/ci-multinode/kolla.yml
@@ -8,12 +8,16 @@ kolla_enable_designate: true
 kolla_enable_redis: true
 kolla_enable_barbican: true
 
-# The multinode environment supports Backend and internal TLS , but it must be
-# enabled in the correct order. See
+# The multinode environment supports backend, external and internal TLS , but
+# it must be enabled in the correct order. See
 # https://stackhpc-kayobe-config.readthedocs.io/en/stackhpc-yoga/configuration/vault.html
 # for details.
+# kolla_enable_tls_external: true
 # kolla_enable_tls_internal: true
 
+kolla_public_openrc_cacert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if os_distribution in ['centos', 'rocky'] else '/etc/ssl/certs/ca-certificates.crt' }}"
+kolla_admin_openrc_cacert: "{{ kolla_public_openrc_cacert }}"
+
 # The multinode environment supports Manila but it is not enabled by default.
 # kolla_enable_manila: true
 # kolla_enable_manila_backend_cephfs_native: true

diff --git a/etc/kayobe/environments/ci-multinode/tempest.yml b/etc/kayobe/environments/ci-multinode/tempest.yml
@@ -0,0 +1,3 @@
+---
+# Add the Vault CA certificate to the rally container when running tempest.
+tempest_cacert: "{{ kayobe_env_config_path }}/kolla/certificates/ca/vault.crt"